WordPress Plugin Sabai Discuss – Cross-Site Scripting

Exploit Database
17 阅读

作者： Hesam Bazvand

日期： 2017-07-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42317/

# Exploit Title: Sabai Discuss WordPress Plugin Stored XSS vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Software demo : https://sabaidiscuss.com/
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : User Your Mind ! :D
# Video Demo : https://youtu.be/QETN6cvBMoM
# Email : Black.king066@gmail.com
# Special thanks to Mr alireza ajami
 
1- Create new question 
	http://localhost/wordpress/questions/ask

2- Insert XSS Code in Title Field

3- Enjoy it!

last Exploits
WordPress Plugin Sabai Discuss – Cross-Site Scripting的更多信息

uc-http Daemon – Local File Inclusion / Directory Traversal：
Apache 2.4.x – Buffer Overflow：
CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities：
DirPHP 1.0 – Local File Inclusion：
WordPress Plugin VideoWhisper 4.27.3 – Multiple Vulnerabilities：
SWFupload 2.5.0 Beta 3 – Arbitrary File Upload：
Teachers Record Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)：
OpenCart 1.5.1.2 – Blind SQL Injection：